Siemens SCALANCE X Switches (CVE-2018-13807)

high Tenable OT Security Plugin ID 500756

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability.
Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens provides updates for SCALANCE X300, and SCALANCE X408, and provides mitigations for the SCALANCE X414.

- SCALANCE X300: Update to Version 4.1.2

https://support.industry.siemens.com/cs/us/en/view/109753720

- SCALANCE X408: Update to Version 4.1.2

https://support.industry.siemens.com/cs/us/en/view/109753720

- SCALANCE X424: Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:
- Protect network access to the integrated web server on Port 443/TCP with appropriate mechanisms.
- Restrict network access to Port 443/TCP to trusted IP addresses, and avoid running vulnerability scanning tools from trusted IP addresses on affected devices.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at:

https://www.siemens.com/industrialsecurity.

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-447396 on their web site:

https://www.siemens.com/cert/advisories.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-05

http://www.securityfocus.com/bid/105331

Plugin Details

Severity: High

ID: 500756

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 1/25/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2018-13807

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x300_series_firmware, cpe:/o:siemens:scalance_x408_firmware, cpe:/o:siemens:scalance_x414_firmware:-

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2018

Vulnerability Publication Date: 9/12/2018

Reference Information

CVE: CVE-2018-13807

CWE: 20

ICSA: 18-254-05